Fraud can happen at any time at any place. To ensure we are doing our part to help your credit union and your members prevent fraud, the League is providing an update on a social engineering scheme that has come to our attention. Because two credit unions have reported similar scenarios to what is outlined below, we encourage you to share what is transpiring with your staff and members to keep them on alert.
A fraudster called a member claiming to be with Amazon’s Fraud Department. They informed the member that there was $10,000 worth of fraudulent charges posted to their account and that they would be receiving a call from their credit union’s fraud department to rectify the situation.
Shortly after, the member received a second call from someone claiming to be with the credit union. The phone number the individual was calling from was an out-of-state number. Keep in mind, that while an out-of-state phone number is typically a red flag, fraudsters can spoof numbers to appear like they are originating from a local institution.
The fraudster asked the member to verify their account information. They also asked them to go to Wal-Mart to purchase various gift cards to help recoup the fraudulent charges. Fortunately, the member called the credit union directly to verify the request and did not share any information.
Social Engineering and Vishing
What happened in this scenario is an example of a social engineering. This occurs when a false pretense is used—in this case, fraudulent Amazon account activity—to convince an individual to share personal information and/or request them to take action. Vishing calls like these typically have a sense of urgency to convince the caller to act fast. Further, gift card payment demands are an increasingly popular way for fraudsters to scam people into providing them money.
Reminder for Members
This is a great time to remind members about social engineering attacks and offer some tips to help protect them from this type of fraud. We’ve outlined a few things to keep in mind below:
- Never provide personal information in response to unsolicited messages or calls. Your credit union will never contact you and ask you to verify your account or PIN. Neither will a reputable company like Amazon. Don’t provide that information to anyone, no matter what they say.
- Only answer phone calls from numbers you recognize. If at any point you are uncertain about questions being asked or the call itself, hang up and call your credit union or the organization back using a phone number found through a trusted source such as the company’s official website or a financial statement.
- The same is true when responding to unsolicited emails or text messages. Never click on unknown links or share personal information.
- Avoid engaging with unsolicited callers. These fraudsters are trying to build a rapport with you to pressure you into sharing personal information or meeting a demand such as buying a gift card.
- No legitimate organization will ever request payment in the form of a gift card.
- Scammers often demand gift cards because they are easy to purchase and aren’t traceable to any individual’s bank account.
- Keep this in mind if someone calls you claiming to be from a charitable organization and asks for a donation in gift cards.
- Regularly check your account online to see if there are any suspicious transactions that have occurred, especially if you are unsure about a call, email, or text message you’ve received.
- Contact your credit union or other financial institution immediately if you believe you are a victim of fraud. You also can report fraud to the Federal Trade Commission by visiting ftc.gov.
Our League will continue keeping you apprised of fraud trends we are seeing.